Corinium representative:

Vanessa Jalleh, Content Director, Corinium

 Chair:

Speaker:

A lot of things have changed: everything is code, our datacenters, our infrastructure, and of course our apps. It's all software….

So much software is being built and security teams can't keep up, nor do they have the resources to do so. Most companies have a ratio of 100:1 developers to security professionals, so why not empower developers to take action? It makes economic sense.

Here is the reality: If companies want to survive and thrive in this fast-paced digital world, not only should we trust developers to handle security but also empower them to fix security issues themselves.

In this session, Lawrence Crowther from Snyk will share some insights on how security teams can scale by empowering developers to create secure applications, including the use of modern cloud technologies that are used to deploy and run application workloads.

Speaker:

Lawrence Crowther, Head of Solutions Engineering APJ, Snyk

• The demarcation of responsibilities has grown wider, bringing lots of challenges to CISOs: what solutions have worked?
• Maintaining a clear and concise direction when leading infosec teams
• How have recent attacks reshaped the role of the CISO?

Moderator:

Joey Chua, Head of IT, OSM Maritime Ship Management Pte Ltd

Speakers:

Chai Chin Loon, Senior Director of the Cyber Security Group (CSG) and Government Chief Information Security Officer (GCISO), Government Technology Agency of Singapore

Boris Hajduk, CISO, Tokopedia

Kawin Boonyapredee, Advisory Board, Singapore CIO Network (SCION)

Leonard Ong, Senior Director, Regional Information Security Officer, APAC, GE Healthcare

Marcus Tan Cheng Lin, Head of Cybersecurity Department, Institute for Infocomm Research (I2R) A*STAR

Cloud adoption is growing quickly. However, such a rapid adoption rate of new technology has its downsides as well. As more organisations move to the cloud, so do hackers. This session is based on our research and experience from the past year in securing enterprise cloud environments. Wiz Research has compiled the most pressing cloud risks and how you can protect against them. We focused on novel, notable, and high-impact risks that we believe you should be familiar with and include in your cloud security strategy for 2022.

Speaker:

Tarek Ibrahim, Enterprise Solutions Engineering, APJ, Wiz

If your organisation suffered a ransomware attack today, how confident are you that your business could recover quickly? Could you ignore the ransom? Do you have a comprehensive recovery plan in place?

 Veritas is the official Research Partner for CISO Singapore. In this session, Geoffrey Coley will share the latest insights from CISOs across the Pacific region and explain how you can assess your own security posture and see how your organisation compares to others across Singapore.

Speaker:

Recent years have seen developments in crypto-related technology as well as the growth of new crypto ecosystems including Web3.0, metaverse, decentralised finance, and NFTs. For institutions and corporations, the developments in the crypto space present opportunities as well as risks. As the crypto space is still evolving, there can be gaps in security frameworks that expose companies to both internal and external risks. This session will explore how companies can adopt various strategies to initiate a comprehensive 360 approach to prevent, detect, and manage such cybersecurity risks in the crypto space.

Speaker:

With the threat of cyber warfare becoming ever more serious, every organisation needs a “this is not a drill” cyber-first recovery plan. If cyberattackers targeted your organisation, the most likely business-crippling scenario would be a direct attack on Active Directory (AD)—the system that authenticates users and grants access to business-critical applications and services. AD has become a prime target for cybercriminals—implicated in 90% of the incidents Mandiant researchers investigate—because it has systemic vulnerabilities and because it gives attackers the means to unleash devastating malware.

The NotPetya attack that crippled Maersk in 2017 was a harbinger of the chaos to come. In this session, we’ll examine the action plan every organisation needs to execute to protect against a business-disrupting cyber incident.

 Key takeaways:

• Cyberattack risk is real—and rising (according to the “Allianz Risk Barometer,” a global survey, cyberattacks are the #1 greatest risk that organisations face today)
• Most attacks involve gaining control of the identity system—and AD is the identity system used by 90% of businesses—so hardening AD can significantly improve security posture
• Clear and straightforward action steps you can take to reduce your AD risk profile include

• identifying and addressing common AD security gaps
• continuously monitoring your AD environment for evidence of in-progress attacks
• developing a tested AD disaster recovery plan that will recover your entire AD forest to a known-secure state in hours (or minutes)

Speaker:

Jacquie Young, Cybersecurity Advocate, Semperis

This session will look at daily infosec expectations and needs. From theory to reality – what does a successful security plan look like at a detailed level? With the aim of delivering practical takeaways and useful sharing, this session will leave no stone unturned with its in-depth day-to-day IT security analysis.

Speaker:

Marcus Yin, Agency CISO, Information Technology Division, Corrupt Practices Investigation Bureau (Singapore)

Gaining access to a network and holding that data for ransom has caused billions in losses across nearly every industry around the world. Threat actors have levelled up, using "double extortion" to maximise pain and compel an organisation to cooperate. We can learn from threat actor techniques to protect data and restore operations from disruption. In this session, Ken Mizota, Chief Technology Officer APAC at Rapid7, will draw from a first-of-a-kind analysis, consisting of 161 separate data disclosures, to unearth pragmatic actions for specific industries.

Speaker:

Ken Mizota, CTO, APJ, Rapid7

• What keeps a CISO awake?
• Is there an ideal scenario for a CISO to rest easy? What would it look like?
• What are the new IT security ideas and solutions in 2022?
• Tips and tricks for a stronger cyber security plan

Speakers:

Anthony Dayrit, TISO, Assistant Director, IHiS (Integrated Health Information Systems), Director, Volunteer Outreach, (ISC)2 Singapore Chapter

Marcus Tu, Head of Cybersecurity, Singapore Post

Lim Thian Chin, Director (CII Division), Cyber Security Agency of Singapore

Yi (Estelle) Wang, Senior Manager Security & Privacy, Continental

Steven Sim, President, ISACA Singapore

Speaker:

Chair:

In the face of increasing sophisticated cyber threats, NTU has developed a holistic cybersecurity awareness ecosystem that drives synergistic innovation across people, processes, and technology. With an aim to cultivate a strong security culture that builds on collective responsibility, NTU’s Cyber Aware Ecosystem is a central element of their strategy to empower over 40,000 students and staff with the knowledge and capabilities to keep NTU cybersafe. In this talk, the speaker will share insights into their cyber security awareness programme journey, which was recognised by both internal and external awards.

Speaker:

Christopher Lek, Director, Cyber Security, Centre for IT Services, Nanyang Technological University Singapore

This is an informal, rotating discussion, grab a cocktail and drop into discussions of interest!

During this interactive session, attendees will join roundtables based on the topic they wish to explore further and discuss with their peers. Don’t miss out on this final session to brainstorm with your peers and take ideas back to your workplace.

Topic 1: Intelligence: Intel collection and usage.

Topic 2: People: Building a security-ready organisation.

Topic 3: Risk: Vulnerabilities and risk assessment planning.

Topic 4: Technology: Identifying the latest technologies that will see us through challenging IT security issues.

Topic 5: Ransomware: Assume you’ve been breached

Topic 6: Threat Hunting: Finding the bad actor first

Chair:

During this session, the speaker will share best practices and learnings from their own cybersecurity journey and highlight the unexpected challenges their faced and how they overcame them.

Speaker:
Hwee Cher Tan, Group Head, IT Security and Governance, CGS-CIMB Securities

Compliance isn't one size fits all. It's complex, time-consuming, and constantly changing. It requires time and personnel to implement compliance standards, and continual effort to enforce processes that maintain compliance – without being a burden to the organisation and while enabling teams to continue work on projects that help drive the business forward.

This session will discuss some of the security and governance challenges of managing compliance in an ever-changing IT landscape, and how automation is key to effectively enforcing compliance to improve overall security posture.

Speaker:

Justin Wong, Solutions Engineer Team Lead, Puppet Asia Pacific

• An overview of the top cloud security challenges
• XDR - on cloud
• Multicloud adoption strategies
• Putting the right controls in place for 2022/2023 – what has changed since last year?
• Hybrid/remote is here to stay – what is the long-term plan?

Speaker:

Yaron Slutzky, CISO, Agoda

Identity is a powerful force multiplier for Zero Trust security initiatives. As Okta's 2022 State of Zero Trust report makes clear, this mindset is essentially universal now: Nearly all APAC organisations surveyed have already started a Zero Trust initiative or have a definitive plan to start one in the coming months.

Join us for this session to learn more about the key role that identity plays in a zero trust strategy, how you can successfully integrate identity into your existing security practice and why adopting identity-first security will help you realise your zero trust goals.

Speaker:

Ratih Sudirham, Senior Solutions Engineer, Okta

• How would you build a security program in 2022? How have things changed?
• People, Process, and Technology – what do you need to incorporate into your program?
• What does ‘good enough’ look like and how do we measure it?
• Risk, regulation, and strategy – making them all fit together.

Moderator:

Phoram Mehta, Senior Director, APAC CISO, PayPal

Speakers:

Yaron Slutzky, CISO, Agoda

Boris Hajduk, CISO, Tokopedia

Jannem Yong, Head, Information Security, StashAway

Speaker:

Fernando Serto, Chief Technologist, Cloudflare

In this exclusive tour, take an in-depth look at the dark web through the eyes of an expert. As a more interactive element to the session, let your guide know what you want to see and learn, so that we can strengthen our cyber security practices and know our opponents better.

Speaker:

Hieu Ngo, a former hacker and cybercriminal now Cybersecurity Specialist, National Cyber Security Center of Vietnam & Co-founder, ChongLuaDao.Vn

Chair:

Vanessa Jalleh, Content Director, Corinium

Securing the workloads in the cloud with software agents and network scanners are not effective and yet incurs high Total Cost of Ownership.

Please join us to learn about Orca’s revolutionary SideScanning technology that can secure 100% of the cloud assets without deploying software agent and yet provides full risk assessment, including vulnerability/malware/mis-config/lateral movement risks and a lot more.

Speaker:

Oren Coral, Vice President Sales, APAC, Orca Security

Supply chain networks are increasingly driven by technology and digital transformation. While it makes them faster and more efficient, it also gives rise to new cybersecurity concerns. A recent European Union Agency for Cybersecurity study finds attackers have shifted their attention to suppliers, related third parties and ecosystem organisations. The latter are usually smaller companies that don’t always follow the cybersecurity and compliance requirements of the main organisation.

Impacts of these attacks include service downtime; manufacturing disruption; supply and logistics challenges; monetary loss; and reputational damage. This session will look at mitigation and risk management steps organisations need to take to minimise or protect against supply chain cyberthreats.

Speaker:

Anthony Lim, Director, The Centre for Strategic Cyberspace + International Studies

In the face of skyrocketing cyber risk, the role of a modern day CISO is an evolving one. While CISOs were traditionally known solely as security risk managers, CISOs now have added responsibility for overall business strategy. In this session, Germaine Tan, Director of Analysis at Darktrace, peeks into the mind of a modern day CISO - some of the challenges faced, and how they can be addressed with self-learning solutions in order to get a good night’s sleep.  

Speaker:

Germaine Tan, Director of Analysis, APAC, Darktrace

This session looks at the journey of the modern CISO. How does a CISO get to where they are? What drives them every day? And what do they plan to do now? All this and more will be answered during this intimate sit-down session.

 Speakers:

Jason Lau, CISO, Crypto.com

Sabarinathan Sampath, Chief Strategy Officer, Wire19 (a venture of ZNet Technologies)

During this interactive session, participants will be divided into groups of 5-6 sited on a cabaret-style set-up to describe the biggest challenges when dealing with a ransomware attack.

Once the discussion concludes, the group will be given a hypothetical challenge, and have 20 minutes to come up with how they would handle it, with real-time feedback from our expert moderator.

For the remaining 15 minutes, a spokesperson from each group will report back to the other groups on what solutions were achieved and conclusions were drawn.

The Problem: Your organisation has become a victim of a ransomware attack. How will you survive the attack and emerge more resilient?

Here are some thoughts to consider:

• Recent ransomware trends and challenges – what have others done before?
• What should you do about the ransom?
• What ransomware discussions should we be having?
• Should you outsource to a ransomware expert?
• Patching strategies.